Last updated 2026-07-10

TL;DR
The TCPA restricts any autodialer (ATDS) used to call or text cell phones without prior express consent. Violations run $500 to $1,500 per call or text, and courts routinely certify class actions. The Supreme Court's 2021 Facebook ruling narrowed what counts as an ATDS, but the edges are still contested. Blanket compliance is the only safe posture.
What is an autodialer under the TCPA?
The Telephone Consumer Protection Act defines an automatic telephone dialing system (ATDS) as equipment that has the capacity "to store or produce telephone numbers to be called, using a random or sequential number generator; and to dial such numbers." [1] That statutory text, from 47 U.S.C. § 227(a)(1), is the foundation everything else rests on.
For decades the FCC read that definition broadly. It treated most predictive dialers and many CRM-triggered systems as ATDSs even when they called from a fixed contact list rather than randomly generated numbers. Then the Supreme Court stepped in.
In Facebook, Inc. v. Duguid (2021), the Court held unanimously that an ATDS must use a random or sequential number generator to store or produce numbers. [2] A system that dials from a stored list of specific contacts, without any random or sequential generation step, does not qualify. That ruling threw a lot of plaintiffs' claims into doubt and handed defendants a real defense.
Here's the catch. Most modern predictive dialers and power dialers do more than pull a static list. They blend algorithmic sequencing, dynamic queue management, and sometimes AI-driven call pacing. Whether that makes them an ATDS under Duguid is genuinely unsettled. Federal circuits are still working through the question, and the FCC has open proceedings. Nobody has a clean answer.
The practical upshot is simple. If your dialer does anything beyond a human clicking "call next" on a static list, treat it as an ATDS for compliance purposes until courts and the FCC settle the question. The downside, at $500 to $1,500 per call, is not a risk worth optimizing around.
What does the TCPA actually prohibit for autodialer calls and texts?
Section 227(b)(1) of the TCPA prohibits making any call using an ATDS or a prerecorded voice to a cell phone number without the prior express consent of the called party. [1] The same rule covers text messages sent to cell phones, because the FCC has consistently treated SMS as a "call" under the statute. [8]
There are three distinct cell-phone call categories and each has its own consent threshold.
| Call/Text Type | Required Consent Level | Permitted Callers Without Consent |
|---|---|---|
| Telemarketing or advertising calls/texts | Prior express written consent | None |
| Informational (non-marketing) calls/texts | Prior express consent (oral or written) | None |
| Emergency calls | No consent required | Any caller in genuine emergency |
| Calls to residential landlines with prerecorded voice | Prior express consent | Healthcare, political, non-profit, with restrictions |
The landline rule is a separate track. The TCPA restricts prerecorded voice calls to home landlines even without an autodialer in the picture, but the consent bar is lower than for cell phones.
One detail burns a lot of teams. "Express consent" for a non-marketing informational text is not the same as "express written consent" for a marketing text. Informational consent can be oral or inferred from giving your number in a business context. Marketing consent must be in writing (including electronic writing), signed, and it must specifically authorize autodialed marketing messages. [3] Using the lower standard for a marketing campaign is one of the most common TCPA violations out there.
One more thing. You cannot condition purchase of a product or service on providing that written consent. [3] If your checkout flow says "by buying you agree to marketing texts," that may not be valid consent under the TCPA.
How did the Facebook v. Duguid ruling change the ATDS definition?
Before April 2021, the FCC's 2003 and 2015 orders had treated predictive dialers as ATDSs because they have the "capacity" to dial numbers without human intervention, even when they were working from a contact list. [3] Plaintiffs' firms used that broad reading to file class actions against nearly any company running a dialer campaign.
Facebook, Inc. v. Duguid (141 S. Ct. 1163, 2021) changed the landscape. [2] The Court read "using a random or sequential number generator" as modifying both "store" and "produce," meaning the generation step is required in either path. A system that stores a specific list of numbers and dials them in order does not meet the definition, full stop.
That was a real win for defendants. Class actions targeting companies whose dialers worked only from opt-in contact lists got much harder to certify. Several pending suits were dismissed or narrowed after Duguid.
The win is narrower than some compliance teams think. The ruling only addressed the ATDS definition. Prerecorded voice calls are still restricted on their own, completely separate from the ATDS question. A dialer that uses any algorithmic pacing or sequencing may still qualify as an ATDS under some courts' post-Duguid readings. And states like Florida, Oklahoma, and Washington have their own autodialer statutes that often run broader than the federal TCPA. [4] Duguid did not touch those.
So the practical guidance has not moved much. Document exactly how your dialer works, get real consent, and do not assume Duguid gave you a free pass.
What are the TCPA penalties for autodialer violations?
The TCPA's damages structure is why this statute generates so many lawsuits. You do not have to prove actual harm. Statutory damages are $500 per violation, and a court can triple that to $1,500 per violation if it finds the violation was willful or knowing. [1] Each individual call or text is a separate violation.
Run a campaign of 50,000 texts without proper consent and you are looking at $25 million at $500 each, or $75 million if a court finds willfulness. The math is not theoretical. TCPA class action settlements routinely run into the millions, including a $76 million settlement in a case involving Capital One and a $2.5 million payment by UnitedHealthcare for alleged TCPA violations.
The TCPA gives private plaintiffs the right to sue, and there is no cap on the number of class members. That's what makes TCPA litigation so attractive to plaintiffs' firms. They do not need a plaintiff with a large individual loss. They just need one person in a large class.
The FCC also has enforcement authority, though federal agency enforcement is slower and less frequent than private suits. [9] State attorneys general can sue under the TCPA as well. [1]
Willfulness matters a lot in practice. If you received a prior cease-and-desist or opt-out from the plaintiff, or if internal emails show you knew the campaign lacked valid consent, a court is going to find willfulness. That triples every number in the case. Document your consent chain, honor every opt-out the same day, and stop calling people who have told you to stop.
For real settlement examples, the Credit One TCPA settlement and the Truist Bank TCPA class action settlement show the range of outcomes and how quickly exposure compounds when calling volume is high.
What counts as prior express written consent for marketing calls and texts?
The FCC's 2012 order, effective October 16, 2013, requires prior express written consent for all autodialed or prerecorded telemarketing calls to cell phones. [3] The regulations define this consent at 47 C.F.R. § 64.1200(f)(9).
Valid written consent has to do four things. It has to be a written agreement (paper or electronic). It has to clearly authorize the specific company to call or text using an autodialer or prerecorded voice. It has to disclose that consent is not a condition of purchase. And it has to include the consumer's phone number.
A pre-checked checkbox does not work. A general privacy policy reference does not work. "By submitting this form you agree to our terms" pointing to a buried mention of marketing texts probably does not work, and courts have been skeptical of it.
Here is what does work. A clearly labeled opt-in checkbox (not pre-checked) with language like "I agree to receive autodialed marketing text messages from [Company] at the number provided. Consent is not required to purchase."
The consent also has to cover the specific type of communication. Consent to receive shipping updates does not extend to promotional texts. Consent given for one company does not transfer to an affiliate unless the consumer specifically agreed to that.
Lead generation adds risk. When a consumer fills out a form on a third-party lead gen site, the consent language needs to name your company specifically. Generic "and its partners" language has been challenged successfully in court. The FCC's one-to-one consent rule (adopted December 2023) went further, requiring that each seller be named explicitly in the consent. [5] That rule has faced legal challenges and implementation uncertainty, but it signals where the FCC wants to go.
For a deeper look at consent mechanics in text marketing, see our guide to text message marketing.
Do TCPA autodialer rules apply to text messages?
Yes. The FCC made this explicit in a 2003 Declaratory Ruling, confirming that text messages to cell phones are "calls" covered by the TCPA. [8] Federal courts have upheld that position consistently ever since.
Every rule that applies to autodialed voice calls to cell phones applies equally to autodialed SMS and MMS. That means prior express written consent for marketing texts, an opt-out mechanism that works right away, and identification in every message.
The FCC's P2P (peer-to-peer) exception is real but narrow. True P2P texting, where a single human agent manually sends each message one at a time, is generally not covered by TCPA autodialer restrictions. The minute you have software that queues messages, sends them in batches, or automates the timing, you are out of P2P territory regardless of what your vendor calls the product.
If you run any kind of text marketing program, the text messaging marketing rules deserve a full read. TCPA, the CAN-SPAM Act (which does not cover SMS), and carrier A2P 10DLC registration each add their own layer of compliance obligations.
What TCPA exemptions apply to autodialer calls?
A few categories of calls get specific exemptions or adjusted rules, but none of them are as wide as people hope.
Emergency calls are fully exempt. If a hospital's system auto-dials a patient to say their surgery is cancelled because of an emergency, that falls outside TCPA autodialer restrictions. The exemption is narrow. The call has to be made necessary by an emergency involving health or safety.
Healthcare-related calls from healthcare providers get a limited prerecorded-voice exemption for calls to residential lines. The FCC has specific rules here, including a one-call-per-day limit and a maximum of three calls per week for prerecorded healthcare messages. [3] This exemption does not cover cell phones without consent.
Government calls (calls made by or on behalf of a government entity) are exempt from the ATDS restrictions in some readings, though this is contested in case law and does not help most private businesses.
Debt collection is not an exemption. People assume FDCPA-governed debt collectors have special TCPA carve-outs. They do not. Debt collectors using autodialers to call cell phones without consent face TCPA liability like anyone else, and they get sued for it regularly.
Political calls to cell phones using autodialers also need consent. There is a common belief that political speech has a special First Amendment carve-out from the TCPA. Courts have generally rejected that argument. Political campaigns making autodialed calls to cell phones need express consent under the TCPA. [6]
How do the National DNC Registry rules intersect with TCPA autodialer rules?
The National Do Not Call (DNC) Registry is a separate compliance system from the TCPA's ATDS restrictions, but they overlap constantly in practice.
The DNC Registry bans unsolicited telemarketing calls to registered numbers, whether or not you use an autodialer. You can violate the DNC rules with a human agent making manual calls, and you can violate the TCPA's ATDS rules even when the number is not on the DNC list. They are independent tracks.
For most outbound sales teams, both rules apply at once. A telemarketing call to a cell phone using an autodialer needs two things: prior express written consent under TCPA, and the number cannot be on the DNC registry unless you have an established business relationship (EBR) or specific do-not-call permission.
The EBR exemption lets you call DNC-registered numbers for up to 18 months after the consumer's last purchase, payment, or delivery, or 3 months after an inquiry. [7] But the EBR exemption does not help with TCPA autodialer consent for cell phones. Those requirements are stricter.
To understand how consumers actually stop unwanted contacts, the how to stop robocalls guide covers the DNC registry and TCPA complaint processes from the consumer side, which is useful context for compliance teams.
What are the practical steps to make your dialer campaign TCPA-compliant?
Here is what actually matters, in the order it matters.
First, know what your dialer does. Get a written technical description from your vendor. Ask specifically: does the system use any algorithm, AI, or sequential logic to select or queue numbers beyond a simple static list? Does it have the capacity to generate numbers randomly or sequentially? If the vendor gives you vague marketing language instead of a real technical answer, that is a red flag.
Second, build a consent capture system that holds up. For marketing calls and texts to cell phones, you need prior express written consent. That means a clear, affirmative opt-in (not pre-checked) with language authorizing autodialed marketing contacts and stating consent is not required to buy. Save a timestamped record of every consent with the source URL, the IP address, and the exact disclosure language shown at the time.
Third, scrub your calling list before every campaign. Run it against the National DNC Registry (you need a subscription for more than 5 numbers), against your internal DNC list, and against any state-specific DNC lists. Florida, for one, has its own DNC list with different rules. [4]
Fourth, honor opt-outs fast. For SMS, STOP must remove someone from all future texts within 10 days under FCC rules, but do it in minutes. For voice calls, add the number to your internal DNC list the same day.
Fifth, train your team and document everything. Most TCPA defendants who end up paying the big settlements had internal evidence that someone knew about a compliance problem and kept the campaign running anyway. That evidence turns a $500 violation into a $1,500 willful violation, and courts use it to deny summary judgment.
LeadCompliant offers a free TCPA compliance kit with consent language templates, a pre-call scrub checklist, and a dialer audit worksheet if you want a structured starting point.
For ongoing developments that affect your dialer rules, the tcpa news section tracks FCC orders, circuit court rulings, and settlements as they happen.
Which recent TCPA autodialer settlements show what real exposure looks like?
Looking at actual settlements is the fastest way to understand how the risk calculates.
UnitedHealthcare paid $2.5 million to resolve allegations of TCPA violations tied to autodialed calls. The UnitedHealthcare TCPA settlement involved calls made to numbers for which the company allegedly lacked valid consent.
The Albertsons and Safeway TCPA settlement shows that retail companies running text marketing programs face the same exposure as financial services firms. Any industry doing SMS marketing at scale is in the crosshairs.
The Cash App TCPA class action settlement is worth reviewing because it shows how fintechs are not insulated from TCPA exposure just because they operate mostly through apps.
Across these cases, a few patterns repeat. The defendant had a large contact list. The consent documentation was missing, ambiguous, or did not cover the specific type of message sent. The company kept sending messages after receiving opt-out requests. And the class was large enough that even a modest per-member settlement produced a headline number.
Nobody has clean aggregate data on average TCPA settlement amounts, because most settlements are not publicly reported. The FTC and FCC do not maintain a public database of private settlements. The cases that make the news are the large ones, which creates survivorship bias. The real distribution probably includes many smaller settlements in the $50,000 to $500,000 range that never get press coverage.
Do state laws add extra autodialer restrictions beyond the TCPA?
Several states have their own autodialer or robocall statutes that go further than federal law, and some of them reach business-to-business calls the TCPA largely leaves alone.
Florida's Telephone Solicitation Act (FTSA), as amended in 2021, created a private right of action for autodialed text messages that mirrors and in some ways expands the TCPA. [4] Florida saw a flood of FTSA suits in 2022 and 2023. The legislature amended the FTSA in 2023 to narrow it, requiring that a plaintiff actually received the text on a Florida number, but it remains a meaningful extra layer.
Washington State has its own Commercial Electronic Mail Act and telephone solicitation rules. Oklahoma enacted a law in 2022 aimed at automated texts. Maryland and a growing list of states now have mini-TCPA statutes with varying definitions of what counts as an autodialer.
The point that matters: a dialer setup that is fine under the federal TCPA after Duguid may still violate a state statute using a broader ATDS definition. State-law exposure does not vanish just because you cleared the federal bar.
If you run campaigns in a specific state and want the local rules, that requires state-specific legal review. The tcpa lawyer kentucky article is one example of how state-level practice issues arise even in states without a dedicated mini-TCPA statute.
What should you do if your company gets a TCPA demand letter about autodialer calls?
A demand letter is not a lawsuit, but treat it seriously from the moment it lands.
Do not call the claimant back. Do not have anyone from your sales team reach out. Do not send another message to the claimant's number. The first three things you do should all be protective.
Preserve everything. Put a litigation hold on your CRM data, calling records, consent records, and any communications about the campaign in question. Deleting records after receiving a demand letter is spoliation, and it makes everything worse.
Get counsel quickly. TCPA plaintiff's attorneys often send demand letters hoping for a quick settlement. The letter may be legitimate or a fishing expedition. Either way, you need a lawyer who knows TCPA defense to review the merits, evaluate your consent documentation, and assess your exposure before you respond.
Do an internal audit. Pull the call records for the claimant. Pull your consent documentation. Check when you received any opt-out requests and whether you honored them. If you find a gap in your consent chain, your counsel needs to know before responding to the plaintiff.
Small teams sometimes try to settle fast without counsel to save on legal fees. That can work out, or it can produce a settlement that does not properly release all claims and opens the door to follow-on litigation. At minimum, have an attorney review any proposed settlement language.
Not legal advice, obviously. Every situation is fact-specific and you need a real lawyer for your real situation.
Frequently asked questions
Does the TCPA apply to calls made with a predictive dialer?
After the Supreme Court's 2021 Facebook v. Duguid ruling, a predictive dialer only qualifies as an ATDS if it uses a random or sequential number generator to store or produce numbers. A dialer working purely from a fixed contact list may not qualify. But predictive dialers with algorithmic pacing or queue logic are still contested in the courts, and the FCC has not finalized new guidance. Treat your predictive dialer as an ATDS until the law is clearer.
Can I use an autodialer to call existing customers without consent?
For non-marketing informational calls, prior express consent (which can be oral or inferred from providing a number in a business context) is enough. For marketing calls or texts to cell phones, you need prior express written consent regardless of the customer relationship. An established business relationship does not create written consent for marketing under the TCPA. The EBR exemption helps with DNC registry scrubbing but not with TCPA autodialer consent for cell phones.
What is the TCPA fine for each autodialed call without consent?
The TCPA sets statutory damages at $500 per violation, meaning per call or per text. A court can treble that to $1,500 per violation if it finds the violation was willful or knowing. There is no cap on aggregate damages in a class action, which is why a campaign of even moderate size can produce multi-million dollar exposure. You do not need to prove actual harm to collect statutory damages.
Does Facebook v. Duguid mean my autodialer campaigns are safe now?
Not automatically. Duguid narrowed the ATDS definition under federal law, but prerecorded voice restrictions remain separate and still apply. State mini-TCPA statutes often use broader definitions that Duguid did not affect. And dialers using any algorithmic sequencing may still qualify as ATDSs under some courts' post-Duguid readings. Consent requirements and DNC scrubbing obligations were untouched by the ruling entirely.
Do TCPA autodialer rules apply to B2B calls?
The TCPA covers calls to cell phones whether the recipient is a consumer or a business employee. If you call a person's cell phone using an ATDS without consent, it does not matter that the purpose was business-to-business. The cell phone is the key. Calls to business landlines with live agents have much lighter TCPA restrictions, but the moment you dial a mobile number, the full autodialer consent rules apply.
How long does a company have to honor a TCPA opt-out request?
The national DNC rules require honoring do-not-call requests within a set window, and the regulatory standard for individual company-specific opt-outs is 30 days. In practice, honoring opt-outs immediately (within minutes for SMS) is the correct approach, because the 30-day window does not protect you from liability for calls made during that window if you already knew of the opt-out. For SMS, the industry standard is processing STOP requests the same day.
Is a text message a call under the TCPA?
Yes. The FCC ruled in 2003 that text messages to cell phones are calls under the TCPA, and federal courts have consistently upheld that interpretation. Every TCPA restriction on autodialed calls to cell phones applies equally to autodialed SMS and MMS: you need prior express written consent for marketing texts, an opt-out mechanism, and proper identification in each message.
What records should I keep to defend a TCPA autodialer claim?
Keep a timestamped record of every consent, including the date, time, IP address, the exact opt-in language shown, and the source URL. Retain call and text logs showing the number contacted, the time, and the campaign. Document every opt-out request and when it was processed. Preserve your dialer's technical specifications. In litigation, missing records are almost always read against the defendant. Courts have sanctioned defendants for failing to preserve relevant records after notice of a claim.
Can political campaigns use autodialers to call cell phones?
Political campaigns need prior express consent to make autodialed calls or send autodialed texts to cell phones, just like commercial callers. Courts have generally rejected First Amendment arguments that political speech is exempt from TCPA autodialer restrictions. There is an exception for calls to residential landlines by political campaigns using live agents, but cell phones require consent regardless of the caller's political nature.
What is the one-to-one consent rule the FCC adopted in 2023?
In December 2023, the FCC adopted a rule requiring that consent for autodialed marketing calls and texts be specific to one seller at a time. Before this, many lead generation sites collected consent to contact a broad list of unnamed partners. Under the new rule, each seller must be named in the consent. The rule's effective date and implementation have faced legal challenges, but it signals that generic partner consent on lead gen sites is increasingly risky.
Does the TCPA apply to ringless voicemail drops?
This is unsettled. The FCC sought comment on whether ringless voicemail qualifies as a call under the TCPA, since it is delivered directly to a voicemail server without causing the phone to ring. The FCC has not issued a final binding ruling. Ringless voicemail vendors often market the product as TCPA-exempt, but at least some federal courts have allowed TCPA suits based on ringless drops to proceed. Treat it as a gray area with real litigation risk.
Can I buy a contact list and call those numbers with an autodialer?
Not for marketing calls to cell phones without prior express written consent. Buying a list of phone numbers does not transfer consent, and the person who sold you the list cannot grant consent on behalf of the consumers whose numbers are on it. Calling purchased cell phone lists with an autodialer for marketing is one of the most common ways companies generate TCPA exposure and end up in class action litigation.
What is the difference between TCPA and the FTC's Telemarketing Sales Rule?
The TCPA (FCC-administered, 47 U.S.C. § 227) covers autodialers, prerecorded calls, and texts, with a private right of action for $500 to $1,500 per violation. The FTC's Telemarketing Sales Rule (TSR) covers telemarketing practices broadly, including the National DNC Registry, call abandonment rates, and deceptive practices. Both can apply to the same call. TCPA private lawsuits are more common; TSR enforcement is primarily an FTC action.
Sources
- U.S. Code, 47 U.S.C. § 227, Telephone Consumer Protection Act: TCPA defines ATDS as equipment with the capacity to store or produce telephone numbers using a random or sequential number generator; damages are $500 per violation, trebled to $1,500 for willful violations
- U.S. Supreme Court, Facebook, Inc. v. Duguid, 141 S. Ct. 1163 (2021): Supreme Court held unanimously that an ATDS must use a random or sequential number generator to store or produce numbers; dialing from a stored list does not qualify
- FCC, In the Matter of Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991 (2012 Order, FCC 12-21): FCC required prior express written consent for autodialed or prerecorded telemarketing calls to cell phones effective October 16, 2013; text messages are treated as calls; healthcare prerecorded message exemptions for residential lines; consent rules codified at 47 C.F.R. 64.1200
- Florida Legislature, Florida Telephone Solicitation Act (FTSA), Fla. Stat. § 501.059: Florida's FTSA creates a private right of action for autodialed text messages and imposes requirements beyond federal TCPA, including a specific Florida-number nexus requirement added in 2023
- FCC, Report and Order on Targeting and Eliminating Unlawful Text Messages (FCC 23-107, December 2023): FCC adopted one-to-one consent rule requiring each seller to be named specifically in consent for autodialed marketing contacts, effective January 2025
- Federal Communications Commission, consumer guidance on stopping unwanted robocalls and texts: Political calls to cell phones using autodialers require express consent; emergency calls are exempt from TCPA autodialer restrictions
- FTC, complying with the Telemarketing Sales Rule do-not-call provisions: Established business relationship exemption allows calls to DNC-registered numbers for 18 months after last purchase or 3 months after an inquiry
- FCC, Declaratory Ruling on Text Messages as Calls Under the TCPA (2003): FCC ruled in 2003 that text messages to cell phones constitute calls covered by the TCPA
- FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: FTC Telemarketing Sales Rule governs call abandonment rates, DNC registry requirements, and deceptive telemarketing practices separately from the TCPA